Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Cache-Status
X-Check
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
Report-To
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
X-CDN
NEL
P3p
X-Request-ID
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Turbo-Charged-By
X-Cache-Group
Keep-Alive
X-UA-Device
Request-Context
X-Backend
X-Age
X-Proxy-Cache
X-Server-Powered-By
X-AH-Environment
X-Robots-Tag
X-Hacker
X-Server
X-Amz-Request-Id
Host-Header
X-Amz-Id-2
Grace
X-Rq
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Varnish-Cache
X-Nginx-Cache-Status
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Vhost
EagleEye-TraceId
X-Amz-Version-Id
X-Ua-Compatible
X-Pingback
X-Dispatcher
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Accept-CH
X-Device
X-OneAgent-JS-Injection
X-Cache-Spec
X-Host
X-Server-Id
Cf-Railgun
X-Dns-Prefetch-Control
X-Node
X-Backend-Server
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
X-Application-Context
Xkey
Content-Location
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-CH-Lifetime
Rating
X-Cloud-Trace-Context
X-Country
X-B3-TraceId
X-Cache-Lookup
X-Ruxit-JS-Agent
Accept-Ch-Lifetime
X-Trace
X-Url
Allow
X-PC
X-TtlSet
X-Vname
X-Content-Type
X-Aws-Lambda-Call-Status
X-Ac
X-Clacks-Overhead
Edge-Control
X-Varnish-TTL
X-Server-Name
Fastly-Restarts
X-ESI
X-Mod-Pagespeed
Cache-Tag
X-Rack-Cache
Service-Worker-Allowed
X-VARITI-CCR
Verso
MS-Author-Via
X-Element-Page-Cache
X-Vcap-Request-Id
X-FastCGI-Cache
X-Upstream
X-Amz-Rid
X-MS-InvokeApp
Public-Key-Pins
X-GitHub-Request-Id
X-Dw-Request-Base-Id
X-Cached
X-Client-IP
X-D2id
X-Abt-Application-Version
X-Cache-TTL
X-Cnection
RTSS
X-Px
X-Kinja-Revision
X-Exp-Id
X-Kinja
X-Kinja-Server
X-Exp-Variant
X-Kinja-Build
X-Use-Magma
X-Cdn-Fetch
X-GoogleNews-Bot
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Navigation-Version
Arr-Disable-Session-Affinity
Access-Control-Request-Method
X-Powered-By-Plesk
X-Country-Code
X-Goog-Hash
X-NF-Request-ID
X-TTL
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
X-Middleton-Display
Display
Pagespeed
X-Sol
AR-SID
AR-PoweredBy
AR-ATIME
AR-CACHE
AR-Request-ID
X-Version
X-CST
X-Powered-CMS
X-Middleton-Response
Response
X-Origin-Cache
X-RateLimit-Remaining
X-MSEdge-Ref
X-LLID
TCN
Nginx-Cache
X-Kinsta-Cache
X-Edge-Location-Klb
X-Amz-Server-Side-Encryption
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Edge
X-Protected-By
X-T
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Forwarded-For
X-Ruxit-Js-Agent
X-Jurisdiction
X-HP-Webp
X-Shield-Request-Id
X-HP-Trace-Id
X-Content-Security-Policy-Report-Only
X-Id
X-Mg-S
Edge-Cache-Tag
X-Language
S
X-Aspnetmvc-Version
Content-MD5
SPRequestDuration
SPIisLatency
Front-End-Https
Fastcgi-Cache
X-Mid
Realpath
Server-Node
X-Request-Processing-Time
X-Request-Received
Pinterest-Version
Filters
Pinterest-Generated-By
X-Frontend
X-Pinterest-Rid
X-Cache-Key
X-Recruiting
X-NWS-LOG-UUID
Server-Name
X-Content
X-Ua-Browser
X-Ab
X-Ser
X-Correlation-Id
X-MCACHE
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-Yandex-Sdch-Disable
X-Template
X-HS-Combine-CSS
X-DynaTrace
X-Ezoic-Cdn
SPRequestGuid
X-SharePointHealthScore
X-Hits
X-Parallel-Accel
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-ECACHE
MicrosoftSharePointTeamServices
X-Tt-Trace-Tag
X-Tt-Trace-Host
Cache-Tags
Charset
X-Page-Id
X-Daa-Tunnel
X-B3-Sampled
X-Ttl
Host
Cleartype
X-Git-Hash
X-Www-Served-By
X-Geo-Country
X-Debug-Info
X-Oneagent-Js-Injection
X-DIS-Request-ID
X-Content-Options
Alternate-Protocol
X-Content-Digest
X-Amzn-Trace-Id
X-Hostname
Accept-Ch
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
X-Ratelimit-Limit
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Component-Id
Cross-Origin-Opener-Policy
X-ASPNET-VERSION
X-Amz-Replication-Status
X-DataDome
Filterid
X-Grace
X-Varnish-Age
X-F-Cache
ServerID
X-Az
X-AppVersion
X-Upgrade-Enabled
X-Activity-Id
X-Accel-Expires
X-FB-Debug
X-WebKit-CSP-Report-Only
X-VCache
X-N
X-Nginx-Upstream-Cache-Status
X-Rid
X-Mobile-URL
X-Forwarded-Proto
X-Origin-Server
Access-Control-Allow-Method
X-Type
X-LB-Cache
X-TT
X-Whom
X-Ratelimit-Reset
X-Is-Crawler
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Providence-Cookie
X-Request-Guid
X-Tb
X-Route-Name
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-App-Environment
Viewport
X-Distributor
X-Seen-By
X-Aspnet-Duration-Ms
X-Goog-Metageneration
X-Goog-Generation
X-Flags
X-Varnish-Grace
Payment
X-Fastly-Request-ID
X-Fastly-Request-Id
X-FW-Serve
X-FW-Static
X-FW-Hash
X-FW-Dynamic
Node
X-FW-Type
X-FW-Server
X-User-Agent
Paypal-Debug-Id
DC
X-XRDS-LOCATION
X-Server-ID
Country
X-Wix-Request-Id
Accept-Charset
TP-L2-Cache
TP-Cache
Fastcgi-Useragent
X-Fastcgi-Cache
X-App-Server
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-Cache-Rule
X-Cache-Control
X-Via-JSL
X-Cluster-Name
X-Litespeed-Cache
X-Webkit-Csp
X-NGENIX-Cache
X-Drupal-Cache-Tags
Version
X-Cache-Age
X-Microsite
X-Request-Handler-Origin-Region
X-Signature
X-Contextid
X-B-Cache
Cache-Status
X-Buckets
Referer-Policy
X-Logged-In
X-Node-Name
Refresh
Amp-Access-Control-Allow-Source-Origin
X-Mobile
SD-X-WS
X-Original-Request-Id
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Response-Served-From
X-Origin-Upstream-Status
X-Vgn-Hpd-Reason
X-Rendered-As
X-Load-Cache
X-Cache-Expired-At
X-Jobs
X-Is-Bot
X-Real-IP
X-Varnish-Backend
X-Proxy-Cache-Status
X-Cacheable-TTL
X-Erf-Bev-Bev
Access-Control-Request-Headers
X-Browser-Type
X-Debug
X-Erf-Bev-Bev-Is-Generated
X-Revision
X-B
NGB
X-IPLB-Instance
X-Device-Type
X-Proxy
X-Yottaa-Metrics
X-UUID
X-Cache-Action
X-Yottaa-Optimizations
X-Page-View
X-Rule
Akamai-GRN
X-ProcessESI
X-Instance
X-Framework
X-RemovedCookies
X-G
Surrogate-Key
X-Drupal-Cache-Contexts
X-Debug-IsConnected
X-Cache-Time
X-Debug-IsPreview
X-FW-Version
X-Accel-Buffering
CF-IPCountry
SID
X-XRDS-Location
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-Cache-NGX
X-Presslabs-Stats
Count-Hit
Uber-Trace-Id
X-Air-Trace-Id
GEO-INFO
X-Air-Hostname
X-Air-Source
X-Cache-Operation
X-Azure-Ref
X-Ms-Version
X-Source
X-Ms-Request-Id
X-Nginx-Cache
X-RateLimit-Limit
X-PressLabs-Stats
X-Zen-Fury
Protected
X-APP-VERSION
X-EdgeConnect-Cache-Status
X-Trace-Id
Liferay-Portal
DynaTrace
Frame-Options
X-Cache-Hit
X-RTag
WPO-Cache-Message
X-CDN-Forward
MS-CV
WPO-Cache-Status
Ms-Operation-Id
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Servername
X-TEC-API-VERSION
X-Cache-TTL-Remaining
X-Hyper-Cache
Ec-Rule-Version
X-Backend-Name
Healthy
X-IPS-LoggedIn
Cross-Origin-Window-Policy
Countrycode
X-L-Path
X-Mode
Content-Disposition
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Environment-Context
X-Tumblr-User
X-Tumblr-Pixel
Xserver
X-Adobe-Loc
X-Varnish-Server
X-Adobe-Content
Backend
X-Detected-As
X-JoinUs
LB
X-RN-RSRV
X-UPSTREAM-Address
X-Tid
Meta-Geo
Url
X-Cache-Grace
X-Rewrite-Enabled
X-SaId
X-Zipkin-Id
X-Proxied
X-Region
Decoy-Debug-Status
X-Uri
X-Routing-Service
X-Format
X-Generation-Time
X-Content-Age
X-ShardId
Apigw-Requestid
X-Debug-Cache
X-Ratelimit-Remaining
X-Cache-Server
X-Sorting-Hat-PodId
Decoy-Debug-TTL
X-Redis-Cache
Decoy-Debug-Key
X-Shopify-Stage
X-Alternate-Cache-Key
X-ShopId
Country-Code
X-Extlb
Eomportal-Instance
X-Sorting-Hat-ShopId
CDN-RequestCountryCode
X-Access
CDN-Uid
Mn-Server-Ip
X-ApacheServer
CDN-Cache
CDN-RequestId
CDN-EdgeStorageId
CDN-PullZone
CDN-CachedAt
X-PERF
Cache-Name
X-Section
X-Forwarded-Host
X-UA-Device-Type
Retry-After
X-FB-TRIP-ID
X-ServerID
X-Site-Version
X-Sql-Count
X-Sql-Duration-Ms
X-Status
X-PHP-Backend
X-Via-Fastly
X-PCL
X-Origin-Date
X-No-Session
X-Microcachable
X-NCache
X-Human
X-OCL
X-Server-W
TWC-Device-Class
X-NYM-Debug-Backend
TWC-Connection-Speed
Fastly-SSL
Property-Id
X-Storage
X-Generated-By
X-Hosted-By
X-Web-Node
X-SayCDN-TTL
X-Say-TTL
X-Say-Cacheable
TWC-GeoIP-Country
X-ProxyCache-Status
X-Pubstack
Webcakes-Region
X-ProxyCache-Key
X-BYPASS-REASON
X-Cluster-Node
X-Proxy-Build
X-Cache-Host
Webcakes-App-Version
X-Timing-Wait
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Cache-Type
TWC-Privacy
Webcakes-App-Name
X-Varnish-Beresp-Grace
X-Content-Powered-By
X-Origin-Hint
X-Akamai-Edgescape
Selected-Fe
Cache-Tv-Group
X-NewRelic-App-Data
X-Soup
X-Varnishpool
X-Hl-Ver
X-Be
X-R9-Blue-Green-Version
X-Nginx-Cache-Key
Azure-InstanceId
Azure-Version
Content-Secure-Policy
Azure-SiteName
Azure-RegionName
Section-Io-Cache
Azure-SlotName
X-Ua
X-TIME
X-LSADC-Cache
X-Cache-Remote
X-Unique-Id
X-Webkit-CSP
DB-Nickname
X-Dc
X-Cached-By
X-Azure-Ref-OriginShield
X-Bc-Bl
X-Platform-Server
X-TT-LOGID
X-Xfnlog-Site
X-Akamai-Transformed
Source
OT-Force-Account-Verify
Cache
X-Auto-Login
X-Cache-Tags
From-Origin
ServedBy
Upgrade-Insecure-Requests
X-LAGOON
X-Varnish-Cache-Hits
X-GEO
SRV
Xet-Cookie
X-AOL-HN
X-Origin-TTL
X-ECache
X-Origin-CC
X-Request-Time
X-Cdn
X-NWS-UUID-VERIFY
Cache-Hits
X-Varnish-Hits
HostName
Mime-Version
X-Request-Host
X-Varnish-Hostname
WP-Super-Cache
X-TNCMS
Webserver
Onion-Location
X-Loop
X-CSRF-Token
X-S-Maxage
X-HTML-Minification-Powered-By
X-App-Version
X-Cache-Enabled
X-EC-Lua
X-FireWall-Port
X-Time
X-SRV
Web-Mar-Node
X-Akamai-Request-ID2
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-Handled-By
N-Cache
X-Http-Reason
S-Rt
X-Endurance-Cache-Level
X-Adobe-Source
X-RCS-CacheZone
X-Reqid
X-Origin-Response-Time
X-Proto
X-B3-SpanId
X-Tenant
DCR-Decision-By
DCR-Processing-Time-Ms
X-Processor
Fastcgi-X-Cache-Version
Odigeo-Trace-Id
Pramga
Redirect-Candidate
Mobile-Detection-Method
X-Planisys-CDN-TTL
Xc-Version
BehaviorPad-Version
Meta-Geo-Continent
Expiry
X-ScT
X-V-Cache
X-TIM-N
X-SRCache-Key
X-Vdms-Path
X-Vdms-Version
X-Vtex-Processado-Em
X-VG-WebCache
X-Shop-Environment
Server-Info
X-Mg-Request-UUID
A
X-S
X-S-Cookie
Rendered-Blocks
X-Session-Fingerprint
X-SD-PageType
X-Rojux
Sslversion
X-CF-Lambda-Version
X-Ig-Push-State
X-Ckpd-Fst-Backend
X-Hnp-Log
X-CF-Lambda-Fn
X-NAPM-TraceId
X-Backend-TTL
X-Block-Status
X-Cache-NE
X-Cluster
X-GG-Cache-Date
X-Epic-Correlation-Id
X-D
X-Developer
X-Connection-Hash
X-External-Request-Id
X-Gen-Mode
X-Ftr-Request-Id
X-Forwarded-Path
X-B-Cookie
X-ARC
V-Age
Vix-Hermes-Req-Id
X-PAYTM-SRV-ID
X-A
User-Cache-Control
Surrogated-Key
X-Planisys-CDN-Cache
X-PBS-Appsvrname
X-Destination
X-A-Ccd
X-A-Dam
X-Vtex-Remote-Cache
X-ND-Cache
X-Application
X-Aed
X-A-Wwc
X-Orig-Expires
X-A-Dcw
X-A-Dgt
X-Planisys-CDN-Rules
X-Conf
X-VWS-Id
X-AWS-Id
X-Amz-Meta-S3cmd-Attrs
X-LJ-Flow-ID
Nel
X-Correlation-ID
X-MP-GENERATED-AT
X-Locale
X-Time-Microsecs
X-Magnolia-Registration
X-Edge-Location
X-VG-TLSProxy
X-Geo-Header
DSUID
Fastcgi-Cache-TTL
X-Gdpr
X-SVT-ORM-RULES
X-Scheme
X-Slack-Backend
CDCHOST
X-Hash
Cmsid
Cmstype
X-GeoIP-Region-Code
X-SVT-ORM-VERSION
X-GeoIP-Country-Code
Gh-Request-Id
X-Fastly-Cache
X-Fetched-On
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
Origin
X-Rocket-Nginx-Serving-Static
X-Forwarded-Site
Origin-EX
X-Aicache-OS
Origin-CC
X-Accel-Expires-Debug
Host-ID
X-Request-URI
X-Device-Os
X-Core-Mission
CacheControlHeader
Svr
X-Policy
X-Date
X-Cache-Date
X-Cache-Bucket
State
X-Cache-Info
X-Location
X-Mvc-Supplant-Cachable
X-Nyt-Route
X-Old-Content-Length
X-Server-IP
X-Men
X-Cdn-Srv
X-NodeID
Traceparent
Apple-News-Services-Host
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Proxy-Upstream
Arc-Country
AKAMAI
X-Viewer-Country
X-Webstats-RespID
True-Client-Country-4JS
X-Origin-Expires
X-Origin
X-Origin-Time
CloudFront-Viewer-Country
X-Via-NSCOPI
Environment
X-Datadog-Sampling-Priority
X-VarnishDD-TTL
X-Datadog-Parent-Id
X-Owner
Thinkindot-Control
Web-Mar-Region
We-Hiring
Thinkindot-CacheControl-Type
X-Sucuri-Cache
X-Sigma-Backend
X-Branch-Name
AMP-Access-Control-Allow-Source-Origin
X-CGP
X-Sigma
X-Cache-Debug
X-Served-From
X-Amz-Apigw-Id
X-Cache-Id
X-Skip-Cache
X-BBC-Edge-Cache-Status
X-Core-Value
X-Thinkindot-L3
X-TrackingId
X-UnsetCookies
X-TH-Server
X-Sucuri-ID
X-Storefront-Renderer-Rendered
Thinkindot-CacheControl
X-ATG-Version
X-Csrf-Jwt
X-Varnish-Ttl
X-GeoIP-City
X-Gzip
X-RateLimit-Limit-Second
X-HN
X-GeoIP
X-Fastly-Backend
X-Cdn-Origin
Fastly-GeoIP-CountryCode
X-RateLimit-Remaining-Second
X-Generated-On
X-HS-Content-Campaign-Id
X-Restarts
X-LI-UUID
X-Platform
X-Node-Id
X-PHP-Host
X-Li-Pop
X-Li-Fabric
X-Sn-Servicetimems
X-Irp-Debug
X-Labrador-Cache-Channel
X-Level-Front-Cache
X-VServer
Ha-Gx-Prefs
Release
X-Envoy-Decorator-Operation
TDXMobile
PFcat
X-Developers
Req-Svc-Chain
X-Datadog-Trace-Id
X-Varnish-Beresp-Ttl
Server-Host
X-Rocket-Build-Number
HA-Ipaddr
X-Esi-Check
Locid
L5d-Success-Class
L
X-Gamma-Serve
Machine
X-Region-Sid
X-Amzn-RequestId
X-Eu-Site
X-Req
Mail-Subject
Ssr
Accept-Language
X-Zone
X-Pod-Name
X-Varnish-Beresp-Status
X-DPWN-IS-SECURE
X-FC-Vary-Parameters
X-Has-Esi
X-JWT-State
X-DefHash
X-DefElseHash
NM-Fastcgi-Cache
Platform
Memcached
X-Loc
X-Qloud-Router
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Worker
Fastly-Drupal-Html
X-Varnish-CookieHashed-On
X-Variation
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Response-By
Is-Eu
X-Is-Gdpr
X-Amzn-Remapped-Content-Length
Cf-Device-Type
Adler-Geo
Fastly-SWR
Fastly-SIE
X-Xrds-Location
X-VC-Cache
X-Cache-Backend
X-Backend-State
X-Cache-Var
X-Cache-Var-Map
X-Action
X-DB
X-DSS
X-RPM
X-DI
X-RPS
X-RSL
X-DW
X-Tx-Id
X-NU-AKA-ACS-Version
Magicmarker
NGX
X-TraceId
X-Ua-Device
X-Srv
CDN
X-CS
X-Wix-Viewer-Type
X-NC
Edge-Cache
Kp-EeAlive
Pics-Label
X-CacheTTL
X-Mvc-Supplant-OutputCached
X-Optimistic-Header
X-Generated-In
X-API-Version
X-LB-NoCache
X-Minions-Version
X-LB-ID
X-Request-Start
X-Up
Locale
X-Tb-Optimization-Total-Bytes-Saved
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Thanos
Memory
Ms-Author-Via
X-Trace-ID
Time
X-Bip
X-Tt-Logid
X-M-Log
X-Qnm-Cache
X-M-Reqid
X-Refresh
X-Edge-Pop
Env
X-Via-Popv
X-Via-Popn
X-Via-Poph
X-Cache-Config
WebServer
X-TA-CDN-Provider
X-Ec-GeoHdr
X-User
GeoIp-Country-Code
X-Ec-Fail
X-HA-Backend
X-Parent-Response-Time
X-DC
X-Servedbyhost
X-CACHE-KEY
Server-ID
NtCoent-Length
X-Cs
Datacenter
Candidate-Md5Url
X-Esi
X-DynaTrace-JS-Agent
X-Vc
X-ZONE
X-MSEdge-Features
X-MSEdge-Flight
X-AK-Request-ID
X-TX-ID
X-Dynatrace
Cdncip
Cdnsip
X-CLOUD-TRACE-CONTEXT
WWW-Authenticate
On-Server
My-App
X-Clara-WADP
X-WADP-Cache
X-Fmm-Version
Cluster
X-Datadome
X-Pass-Why
DataCenter
Esi-Enabled
X-Varnish-Beresp-TTL
Tracecode
Geoip-Latitude
X-VCL-Version
X-CUA
X-Var-Ttl
X-From
X-Traceid
X-App
X-Fpc
X-LI-Proto
T-Server
X-Cache-Ttl
Lfy
X-URL
X-B3-Spanid
X-Li-Proto
X-FPC
Geo-Info
X-Service
X-Webkit-Csp-Report-Only
X-Cache-PHP
C-Via
X-Fragments
Lang
X-Unique-ID
Fastly-Drupal-HTML
X-VC
Cf-Int-Pingora-Origin-Digest
Target-Params
X-Vcl-Version
X-Newrelic-Synthetics
Proxy-Connection
X-Webkit-CSP-Report-Only
X-NODE
X-WP-CF-Super-Cache-Cache-Control
X-Provided-By
X-WP-CF-Super-Cache
Test
X-Mcache
X-Render-Time
X-RAMCache
M-TraceId
X-CSRF-TOKEN
X-LiteSpeed-Cache-Control
X-Cache-Status-Check
Resin-Trace
MIME-Version
Permissions-Policy
Server-Id
Hostname
X-Ha-Backend
X-Httpd
X-COUNTRY
X-Geo
X-Proxy-Cache-Info
Servername
WZWS-RAY
X-ID
X-B3-Traceid
X-Via-PopH
X-Clientip
X-Via-PopN
X-Via-PopV
X-Api-Version
Producers
X-NGINX-Cache
GeoIP-Country-Code
FSS-Cache
Hit
X-SB
X-ServedByHost
X-Udemy-Cache-App-Namespace
X-Dynatrace-Js-Agent
ENV
X-Platform-Router
X-Cdn-Forward
X-Platform-Cluster
X-Pool
X-Pad
X-Edge-POP
X-Platform-Processor
X-Edge-Cache
X-Oss-Server-Time
X-Scale
X-Fastly-Backend-Reqs
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Ec-Custom-Error
X-LiteSpeed-Tag
X-Oss-Object-Type
HIT
Cache-Host
X-Oss-Request-Id
UCS
Section-Origin-Responded
X-UP
X-Info
Section-Io-Origin-Time-Seconds
S-Cnection
X-Dispatcher-Number
MD5-Digest
Cneonction
X-HS-Status
Section-Io-Origin-Status
Section-Io-Id
X-ElasticPress-Query
X-Ucs
X-AIR-PT
Cf-Ipcountry
Uri
ServerName
X-Via-Ucdn
X-Acquia-Site
X-Check-Cacheable
Server-Hostname
IsBot
X-BBC-Origin-Response-Status
X-Cache-CFC
X-SIPLIST1
X-Cache-Expires
Sever-Int
X-Lb-Nocache
URI
X-Acquia-Purge-Tags
X-GoCache-CacheStatus
PICS-Label
X-Lb-Id
X-Acquia-Application-Trace
X-Acquia-Application-UUID
Server-Ext
Ohc-File-Size
X-Srcache-Store-Status
X-Cms-Context
X-Srcache-Fetch-Status
X-Cdn-Request-ID
Sid
X-Nc
Server-Ttl
Fastly-Backend-Name
Tcn
X-RateLimit-Reset
Cteonnt-Length
X-Fastly-Cache-Hits
X-Micro-Cache
User-Agent
X-Release
X-Snapshot-Date
X-Swift-Error
X-Dw-Trace-Id
X-Akamai-Path-Stats
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Vcache
Vha6-Origin
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-B3-ParentSpanId
Wpo-Cache-Status
X-Newrelic-App-Data
Ngx
Wpo-Cache-Message
X-Yottaa-OS
CF-Cached-On
X-Backend-Host
Load-Balancing
X-Cache-Ngx
X-ServerName
X-Air-Pt
X-HostName
EpKe-Alive
X-B3-Parentspanid
X-Fetch-By
X-WA-Info
Inserted-Into-Cache-At
X-Litespeed-Cache-Control
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Shopify-Generated-Cart-Token
X-Http-Count
X-Apw-Hits
X-Apw-Access-Token
X-Cache-ASPX
X-Sentry-ID
X-Contensis-Viewer-Groups
X-APP
Req-ID
Shield-Pop
CountryCode
X-Logging-Id
X-Apw-Access-Object
X-Apw-Access-Action
X-UA
X-Last-Modified
X-Varnish-Authentication
X-BCube-Filmed-By
X-Te-Duration-Ms
X-Te-Count
X-Akamai-Pragma-Client-IP
X-CacheKey
X-Http-Duration-Ms
X-Akamai-Request-ID